Just started in new position

dfranc Member Posts: 44
So I am used to working in a corporate infrastructure where everything is under one roof, as it were. I now find myself in sole charge of this company's IT, of which they have multiple locations; two have a DC and the others are using file servers.

I would like to change this setup so that maybe these small locations can connect to one server to access their data, rather than use some old file server on site that just slows the hell down when people connect to it. I would also like to manage these servers from our main office where I work, and also back up these servers; I am thinking of using the cloud solution for the backups.

So what advice could you share with me to give me a better idea on how to go forward? What are your recommendations?

Comments

  • MJK9550 Member Posts: 160
    I would recommend just moving the servers to your main location, you can have them RDP into a terminal server to access whatever they need to. Cheaper way for backing up, since it doesn't sound like there is all that much to back up, would be a few external drives. Simple and easy, you can use something along the lines of dirsync to back up to them on a nightly basis or whatever you need to. How many total users?
  • shochan Member Posts: 962
    Definitely have more than one DC housing your AD; if that fails on one server, you'll be in a mess. I don't know of a cloud backup provider that backs up system state, but you could put in a SAN or NAS to back that up onsite. Beef up the servers with max RAM; you may have to add a 2nd CPU if the server doesn't already have one, so that you can put in max RAM. This should help your terminal server users. Also, check your ISP speeds (speedtest.net); your ISP business contract may be over and you might can upgrade to higher speeds. Upgrade your switches to GB switches; fast Ethernet is still out there if you can believe it... This is just a few things I can think of with limited info.
    2021 Goal ~ OSCP

    Urban Achiever~ A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+
    A.A.S - CIS
  • dfranc Member Posts: 44
    Hi

    We have a total of 67 users; this will be growing to 80 in a few months. If I took away the server in each location, how would the users be able to log in to their workstations? They do have in the main office an SBS server; fortunately they are not using the other applications on the server like SharePoint or Exchange. Have you worked with remote software? I am looking at TeamViewer, GoToAssist etc. Not sure which one is best.
  • MJK9550 Member Posts: 160
    I use TeamViewer, very easy to work with, and you won't need many licenses since you don't have that many users or, I'm assuming, IT personnel who will be using it to support them. How many locations and how distanced from each other are they? How many users at each location? Do they currently have an AD at each location?

    In order to give you the best advice we will definitely need more info on the current set up.
  • dfranc Member Posts: 44
    Well, the locations are very far apart; some are over 200 km away. We have two DCs, one in the main office and another located in another office branch nearby. I have noticed that other locations have a file server that's not even on a domain; it's just set up in a workgroup. I would say the number of users ranges from 3 in one office to 27 in another.
  • MJK9550 Member Posts: 160
    I would better organize it, make it so they are all on the same domain. You can then better control access and security centrally at your main office. I would suggest maybe setting up a VPN and TS for them to connect from each remote office. What's the hardware like at each location as far as switches and things along that line?
  • dfranc Member Posts: 44
    Not sure, only just started, so I have not been to all the locations yet. I know some have 2003 R2 servers, not joined to a domain, just as a workgroup and other users use VPN to connect.
  • shochan Member Posts: 962
    I would get SBS out of the mix. Exchange/SQL should be on their own physical/virtual server IMO. RDP comes built into Windows, just enable that, it's free; you just need to set up port fwd on your firewall & regedit the RDP ports on the local systems you want access to. Kinda a pain to set up, but again it works. VPN is slow; encrypting/decrypting that tunnel has always been a user gripe, probably because some applications don't support it or it again performs badly. Using a TS is great if you have plenty of CPU/RAM/HDD/MS TS licenses. 2003 servers?? Those are EOL, no more security updates from Microsoft; I would get those migrated ASAP!
    2021 Goal ~ OSCP

    Urban Achiever~ A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+
    A.A.S - CIS
  • dfranc Member Posts: 44
    Thanks for the feedback. I would only want users to be able to see the drives so they can access the data and not any other part of the server.
  • alias454 Member Posts: 648
    Set up AD with two servers at the main site, and set up a DFS server at the main site. Back both of those up using a traditional backup method. At each branch location, set up a DC that replicates from the main site and a DFS server. Set up each branch to use the closest DC and DFS server during normal operations. In the event a branch DC or DFS server goes down, they can then fail over to the main site. Depending on your WAN link speed this may be painful, but it will allow operations to continue in the event a failure happens. On the flipside, users will still get logged in and have access to their files if the main site is offline.

    Hardware for this shouldn't be terrible. We run a DC at one of our branches supporting 170 users and it is set up with 1 vCPU and 4 GB of RAM. A DC doesn't have to be a beast. The DFS server has more RAM, but YMMV. Another possible option is to configure a VMware server at each location to host multiple VMs. You can get away with the free version and save a little money on MS licenses this way too.

    Plan on an upgrade to Server 2012 R2; time to get off Server 2003. It was EOL last July.
    “I do not seek answers, but rather to understand the question.”
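
One way to build the main-site/branch DFS layout described in the post above, as an added example that is not part of the original thread or the poster's own configuration. The domain `corp.example`, the servers `MAIN-FS1` and `BRANCH-FS1`, the share names and the `D:\Shares\Data` path are all hypothetical; the cmdlets come from the DFSN and DFSR modules on Server 2012 and later.

```powershell
# Added example. Every name below is hypothetical: domain corp.example,
# file servers MAIN-FS1 (main office) and BRANCH-FS1 (one branch).
# Assumes the DFS Namespaces and DFS Replication role services are installed
# and that the shares \\MAIN-FS1\Files, \\MAIN-FS1\Data and \\BRANCH-FS1\Data
# already exist, with the data under D:\Shares\Data on both servers.
Import-Module DFSN, DFSR

$domain = 'corp.example'
$main   = 'MAIN-FS1'
$branch = 'BRANCH-FS1'
$root   = "\\$domain\Files"
$folder = "$root\Data"
$group  = 'Data-RG'

# Domain-based namespace: users map \\corp.example\Files\Data, not a server name.
New-DfsnRoot -Path $root -TargetPath "\\$main\Files" -Type DomainV2

# One namespace folder with a target at each site. Referrals are ordered by
# AD site cost, so each branch needs its subnet mapped to its own site in
# AD Sites and Services; clients then try the local target first and fall
# back to the main-site target when the local one is unreachable.
New-DfsnFolder       -Path $folder -TargetPath "\\$main\Data"
New-DfsnFolderTarget -Path $folder -TargetPath "\\$branch\Data"

# Replication group that keeps the two targets in sync.
New-DfsReplicationGroup -GroupName $group
New-DfsReplicatedFolder -GroupName $group -FolderName 'Data'
Add-DfsrMember          -GroupName $group -ComputerName $main, $branch
Add-DfsrConnection      -GroupName $group -SourceComputerName $main `
                        -DestinationComputerName $branch   # two-way by default

# The main-site copy is authoritative for the initial sync only.
Set-DfsrMembership -GroupName $group -FolderName 'Data' -ComputerName $main `
                   -ContentPath 'D:\Shares\Data' -PrimaryMember $true -Force
Set-DfsrMembership -GroupName $group -FolderName 'Data' -ComputerName $branch `
                   -ContentPath 'D:\Shares\Data' -Force

# Check the result: both targets online, connections enabled in both directions.
Get-DfsnFolderTarget -Path $folder | Select-Object TargetPath, State
Get-DfsrConnection -GroupName $group |
    Select-Object SourceComputerName, DestinationComputerName, Enabled
```

Replication is not a backup: a deletion or an encrypted file replicates to the other site as well, so the separate backup of the main-site servers mentioned in the post still applies.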
  • fmitawaps Banned Posts: 261
    What's your budget for this system overhaul?

    Grab a few new-ish servers, maybe a year old or so to save some bucks on them but still have decent hardware. Pimp up the RAM and CPUs hardcore, at least on the server that people will be logging into the most. Run 2012 R2. Consider using some virtual machines to spread the load if your hardware can handle it.

    Nothing less than gigabit switches, preferably 10 gig and fiber lines if you can do it. Again on the switches, pick up a few of last year's top model. Plenty of life left in them, and save some money!

    As for backups, don't be the guy who didn't have a good backup plan in place; be the hero who had a QNAP for mass storage and some other backup form also, maybe in a secondary location. It would not be a bad idea to have an external hard drive or 2 that is connected once a week for a full backup, then unplugged so even a lightning strike can't hurt it.

    Do you have battery backups? If not, get some. Does the building that will house the servers already have a genset and battery UPS system in place?

    And finally, don't listen to me, as I only kind of know what I'm talking about. I'm not experienced enough to be a network admin, and even less to be a sys admin.